mirror of
1
Fork 0
Commit Graph

2 Commits

Author SHA1 Message Date
Alex Syrnikov 03715f8469
[GITEA] add /.well-known/security.txt endpoint
resolves #38
adds RFC 9116 machine parsable
File Format to Aid in Security Vulnerability Disclosure

(cherry picked from commit 8ab1f8375c)
(cherry picked from commit 8f04f0e288)
(cherry picked from commit 5ced68a7a0)
(cherry picked from commit 437c5dd749)

Conflicts:
     52fb936773 Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
2023-07-26 16:38:06 +02:00
wxiaoguang 52fb936773
Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
Replace #25892

Close  #21942
Close  #25464

Major changes:

1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files

```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-21 12:14:20 +00:00